May 16, 2019 04:14 PM|bruce (sqlwork.com)
The main use of a JWT is when the caller does not have access to the username & password for each call, or the callee does not have access to the password for validation. If the caller will always have the user's credentials, and the callee can always validate, then basic authentication may make more sense.
You use a JWT to pass the user name and claims securely without including the password. The service can validate the token without needing the password (it just needs the shared encryption key). This is a real common case with a single sign on server. You could also use a JWT to cache the claims, if it is expensive to gather the claims.